1. Field of the Invention
This invention relates to authentication systems and methods. Specifically, and not by way of limitation, the present invention relates to a user-centric system and method of authentication.
2. Description of the Related Art
Security and privacy of online data and services are of utmost concern to most consumers utilizing the Internet. There have been many systems and methods employed to provide security and privacy to the Internet user. Authentication systems are often used to authenticate and verify the identity of a user attempting to access online stored data.
One such authentication system involves the use of simple password-based authentication/authorization methodologies. The sensitive data protected by this existing authentication system is clearly at risk if the password is determined or the user leaves his communication device open such that unauthorized persons can access or view the stored data. Saved passwords have often led to unauthorized individuals accessing or modifying stored data. A primary disadvantage of passwords is that they must be memorized. These passwords often have to be changed and many times require the use of special characters (e.g., symbols other than alpha-numeric characters), which are hard for a user to keep track of.
In another existing authentication system, biometrics is used, which leverages unique characteristics that are attributed to the user to authenticate the user. Biometrics also has several disadvantages. First, specialized, and often expensive, equipment is required to read the user's measured physical characteristics. Second, the measuring by the equipment often results in erroneous readings. Additionally, there are various challenges in order for biometric authentication to be viable and non-intrusive in day-to-day operations. Biometric authentication systems are also subject to spoofing and false classification of biometric readings.
Another existing authentication system, often used in conjunction with a password authentication system, uses hard tokens. The hard tokens act as a key to access the sensitive online data. However, the user must keep possession of the hard token, which can easily be lost.
There are no existing authentication systems which dynamically authenticate a user dependent upon the degree of sensitivity of data or access to resources being served or stored via the Internet. Current existing authentication systems merely use a one-time login with occasional screen locks due to inactivity, which requires the re-entry of the password. Even in the case where the user is periodically prompted to change the password, a static password is oftentimes saved in the user environment, which allows another unauthorized person to overcome the password authentication. Moreover, trojans (unauthorized and unnoticed processes that are classified as malware) can steal/collect the history of the passwords and can initiate unauthorized transactions.
Thus, an authentication system and method are needed to overcome the disadvantages of existing authentication systems. An authentication system is needed which is non-intrusive, user-friendly, yet provides enhanced security of access to stored online data. The authentication system must allow a user to spend very little time (e.g., a few seconds) to authenticate their identity. Additionally, the system should include a live input fed into a computing system which cannot be replicated by fake one-time inputs.
Accordingly, a user-centric system and method are needed which dynamically authenticate users attempting to access services and/or stored online data. It is an object of the present invention to provide such a method and system.